This patchset allow syscalls (flock, ipc, getuid, geteuid and ioctl), so openssl engines, e.g. OpenSSL-ibmca and OpenSSL-ibmpkcs11, can work and communicate with the crypto cards during ssh login. 1. The flock and ipc are allowed only for s390 architecture. They are needed for openCryptoki project (PKCS#11 implementation), as the ibmpkcs11 engine makes use of openCryptoki. For more information, please check here: https://sourceforge.net/projects/opencryptoki/ 2. getuid and geteuid are allowed to any architecture as this is also needed by the distros. libica and other crypto libraries use those syscalls. 3. The ioctl is allowed when an specific argument is passed. This argument is from EP11 crypto card on s390 architecture. For more information check here: http://elixir.free-electrons.com/linux/latest/source/arch/s390/include/uapi/asm/zcrypt.h#L259 _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev